refactor(db): route remaining raw DB access through repositories

proxmox, session-log, oidc-utils, webauthn and guacamole recording now use
repositories (new WebauthnCredentialRepository; SsoProviderRepository
listEnabled; HostRepository findDecryptedByIdAs/listProxmoxEnabled).
Remaining raw access: db boot code, simple-db-ops and docker.ts, which are
removed/restructured in later phases.
This commit is contained in:
LukeGus
2026-07-16 00:04:36 -05:00
parent ef4969dd35
commit d710989070
9 changed files with 278 additions and 213 deletions
@@ -2,9 +2,6 @@ import { authLogger } from "../../utils/logger.js";
import type { SSOProviderType } from "../../../types/index.js";
import { DataCrypto } from "../../utils/data-crypto.js";
import { Agent } from "undici";
import { eq } from "drizzle-orm";
import { getDb } from "../db/index.js";
import { ssoProviders } from "../db/schema.js";
import {
createCurrentSettingsRepository,
createCurrentSsoProviderRepository,
@@ -426,10 +423,7 @@ export async function resolveProviderByIssuer(issuer: string): Promise<{
const target = normalizeIssuer(issuer);
try {
const rows = await getDb()
.select()
.from(ssoProviders)
.where(eq(ssoProviders.enabled, true));
const rows = await createCurrentSsoProviderRepository().listEnabled();
for (const row of rows) {
if (!["oidc", "github", "google"].includes(row.type)) continue;
let parsed: Record<string, unknown>;